With the advent of the Internet, computer users have access to unparalleled amounts of data. For example, computer users can access web pages of companies to obtain company information, access on-line magazines, articles and a plethora of other information. In addition, web page owners obtain marketing information (e.g., number of total hits, number of hits for a particular product, demographic information of the hits, etc.), broader distribution channels, broader advertising base, and many other benefits.
The Internet also offers computer users the ability to conduct transactions with on-line businesses. For example, computer users may purchase products on-line. To do this, the user accesses the web page of the company selling the product, identifies the product and provides payment information (e.g., credit card number). The computer user may also perform on-line banking, on-line brokering, on-line grocery shopping, with new services being developed continually.
While each of these on-line services offers computer users greater convenience, there is a risk that the user information (e.g., credit card number, account number, social security number, other personal data) may be compromised. Once compromised, other parties in possession of this information may perform these on-line services for themselves at the real user's expense. To minimize the possibility of user information being misappropriated, many on-line services, such as on-line banking, offer a security mechanism to protect on-line transactions.
Current on-line banking security techniques use the secure sockets layer (“SSL”) protocol (U.S. Pat. No. 5,657,390). SSL is a session-style protocol providing authentication and protection based on a 40-bit or 128-bit encryption key that the web server of the bank accesses to use as a session key for a transaction with an on-line customer. Utilizing the SSL information and end-user information (e.g., account number, social security number, credit card number, etc.), the bank can reasonably be assured that the transaction will be done in a secure manner, but cannot verify that the person initiating the on-line banking transaction is the person with whom the bank established the account. Thus, a level of uncertainty still exists in on-line secured banking transactions. Further, SSL is browser driven, which places it under the control of the browser supplier.
Therefore, a need exists for a method and apparatus that enhances secured on-line transactions by allowing the service provider to verify the user with whom it is conducting a transaction, and that further enhances the security of on-line transactions by making secured on-line transactions independent of the browser suppliers and certification authorities.